Vulnerability Description
Connected IO v2.1.0 and prior has a misconfiguration in its MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other devices, impersonating the Connected IO management platform and sending commands to all of Connected IO's devices.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Connectedio | Er2000T-Vz-Cat1 Firmware | <= 2.1.0 |
| Connectedio | Er2000T-Vz-Cat1 | - |
References
- https://claroty.com/team82/disclosure-dashboard/cve-2023-33379 (Third Party Advisory)
- https://www.connectedio.com/products/routers (Product)
FAQ
What is CVE-2023-33379?
CVE-2023-33379 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devices to connect to the broker and issue commands to other device...
How severe is CVE-2023-33379?
CVE-2023-33379 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-33379?
Check the references section above for vendor advisories and patch information. Affected products include: Connectedio Er2000T-Vz-Cat1 Firmware, Connectedio Er2000T-Vz-Cat1.